CVE-2026-27683 — Cross-site Scripting in SE SAP Businessobjects Business Intelligence Platform

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.1MEDIUMNVD

EPSS

0.0%

top 91.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform

Timeline

PublishedApr 14

Description

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact on confidentiality with no impact on integrity and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:NExploitability: 2.3 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform2025, 2027, ENTERPRISE 430+2

🔴Vulnerability Details

CVEList

Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform↗2026-04-14

▶

GHSA

GHSA-wm9q-282x-pcmx: SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs↗2026-04-14

▶